General

  • Target

    9cd40de5315ae33b68773190b5e9964d7984418492d5f685e6e2fd2a04a63261

  • Size

    1.2MB

  • Sample

    241109-ehqz8azlen

  • MD5

    fde2280242aff0290c7de9d18c6d45b2

  • SHA1

    4b5ce42144a6f93eb5af6c23db9b55846d5813bb

  • SHA256

    9cd40de5315ae33b68773190b5e9964d7984418492d5f685e6e2fd2a04a63261

  • SHA512

    1739559117a62118d77c2b54c6dc144069a2fc8800131de84fb0f197a688567d4aed5f679b2d52f20f6daad94768e079fe86c81506d0750737c26c26964e12ee

  • SSDEEP

    24576:98iMtJbRDOVvUGEdJWXZo9Q6M6qSiuKXAtO+j/4pE+XSL0Fe3/18YS5/+O:98J5ys/EXZsJitXOEBU02/18dt

Malware Config

Targets

    • Target

      9cd40de5315ae33b68773190b5e9964d7984418492d5f685e6e2fd2a04a63261

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks